This year, for the first time, we conducted research into encryption trends in the cloud. Based on the independent survey carried out by the Ponemon Institute, ‘Encryption in the Cloud’ is part of a wider study entitled the 2011 Global Encryption Trends Study. The Ponemon Institute surveyed more than 4,000 business and IT managers in seven different countries. The results are fascinating and provide the most comprehensive snapshot available on how organizations today are trying to protect the information assets they entrust to cloud providers.
First and foremost, it’s clear that the cloud is becoming a natural progression of IT strategy for the enterprise. Around half of organizations already entrust sensitive data to the cloud; a third said they are very likely to migrate sensitive data to the cloud within the next 24 months.
However, 39 percent of respondents believe that cloud adoption has decreased their organization’s security posture. These results are testament to the economic pressure many organizations find themselves under. Cloud adoption is rising, yet many believe it is to the detriment of enterprise data security. Financial priorities are trumping security concerns, and until organizations fall victim to a significant breach with serious repercussions to the business, this trend is likely to continue if not increase
Another interesting finding from the research is that organizations with strong security postures are more likely to transfer sensitive or confidential data to the cloud than those with weaker security postures. What exactly does this mean? Well, I would interpret these findings to mean that companies which have a better understanding of information security requirements and associated data protection regulations are more likely to take advantages of the true business benefits cloud services provide than those that still remain ignorant. This contradicts the common perception that more security-savvy companies are more skeptical of the cloud.
The research also demonstrates the close relationship between encryption and a strong security posture in the cloud. Encryption will play a vital role for organizations that wish to safely transfer and utilize their data in the cloud. Multiple encryption scenarios exist – both within and outside of the cloud. However, strong key management is central to whatever encryption method an organization chooses to use. Regardless of how much control an organization is willing to hand over to a cloud provider, there is a strong argument that key management processes should always be kept in-house. At present, only 36 percent of organizations look after their key management processes in-house when they transfer data to the cloud.
Providers that can prove that they’re capable of protecting sensitive and regulated data will be able to market their secured offerings as premium services. Those that cannot will truly be limited to selling their services as a commodity.
Edited by
Brooke Neuman